[Owasp-appsensor-project] Additional Detection Points - Violation of Input Data Integrity

Colin Watson colin.watson at owasp.org
Thu Jun 10 04:17:10 EDT 2010


ACE1 and ACE2 mention "... for Direct Object Access Attempts"
explicitly, but I was thinking that tampering with data is a wider
subject.  It might just be some plain text or a date that doesn't
reference an object, but it's still important to preserve the
integrity of that.


On 10 June 2010 02:56, John Melton <jtmelton at gmail.com> wrote:
> for this one, I don't think it's unique enough based on the
> description ... get/post is already covered.  If you're talking about
> creating "honeypot" parms as mentioned in the source file, then I'd
> say sure, but not with the description as written.  Also, http header
> manipulation might be unique enough, since cookies and get/post parms
> are already covered.
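
One way to detect the two cases discussed above, as an added example that is not part of the original thread or the AppSensor project's code: a server-side MAC over values the user should not be able to change (plain text, a date), plus a "honeypot" parameter the application never reads. The field names, key and event strings are hypothetical.

```python
import hashlib
import hmac

# Assumption: a per-deployment secret held server-side; constructed placeholder value.
SERVER_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical names: values shown read-only to the user, and a decoy field
# that the application never reads and no legitimate client ever changes.
PROTECTED_FIELDS = ("account_name", "statement_date")
HONEYPOT_FIELD = "debug_mode"
HONEYPOT_DEFAULT = "0"


def seal(session_id: str, values: dict) -> str:
    """MAC the protected values, bound to the session they were issued to."""
    mac = hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256)
    for name in PROTECTED_FIELDS:
        field = f"{name}={values[name]}".encode()
        # Length prefix keeps field boundaries unambiguous.
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.hexdigest()


def render_form(session_id: str, values: dict) -> dict:
    """Build the fields sent to the client: protected values, decoy, and seal."""
    form = {name: values[name] for name in PROTECTED_FIELDS}
    form[HONEYPOT_FIELD] = HONEYPOT_DEFAULT
    form["_seal"] = seal(session_id, values)
    return form


def check_submission(session_id: str, submitted: dict) -> list:
    """Return detection events; an empty list means nothing suspicious."""
    events = []
    if any(name not in submitted for name in PROTECTED_FIELDS):
        events.append("protected field missing")
    else:
        expected = seal(session_id, submitted).encode()
        supplied = str(submitted.get("_seal", "")).encode()
        if not hmac.compare_digest(expected, supplied):
            events.append("protected value modified")
    if submitted.get(HONEYPOT_FIELD, HONEYPOT_DEFAULT) != HONEYPOT_DEFAULT:
        events.append("honeypot parameter modified")
    return events
```

Neither check depends on the value being an object reference, which is the distinction drawn in the first message.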
